7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2023-34624

GHSA ID

GHSA-jv4x-j47q-6qvp

EPSS Score

0.41251%

CWE

CWE-400

Published

6/14/2023

Updated

1/6/2025

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-34624

CVE-2023-34624: htmlcleaner vulnerable to stack exhaustion

An issue was discovered htmlcleaner through version 2.28 allows attackers to cause a denial of service or other unspecified impacts via crafted object that uses cyclic dependencies.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2023-34624

CVE-2023-34624:

7.5

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2023-34624

GHSA ID

GHSA-jv4x-j47q-6qvp

EPSS Score

0.41251%

CWE

CWE-400

Published

6/14/2023

Updated

1/6/2025

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
net.sourceforge.htmlcleaner:htmlcleaner	maven	< 2.29	2.29

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The stack trace in GitHub issue #13 shows repeated calls to markNodesToPrune() causing StackOverflowError. This indicates recursive processing without depth control. The vulnerability manifests when parsing HTML with deep nesting/cyclic references, as shown in the PoC. The Debian security advisory confirms the fix involved adding nesting depth limits, which would directly impact these recursive functions. While markNodesToPrune is clearly vulnerable (high confidence), addIfNeededToPruneSet is implicated in the stack trace but with less direct evidence of being the primary recursion driver (medium confidence).

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-34624: htmlcleaner vulnerable to stack exhaustion

CVE-2023-34624:

7.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

7.5

7.5

CVE-2023-34624: htmlcleaner vulnerable to stack exhaustion

Basic Information

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI